UBports Forum

    Posts

    • RE: Can I use opensnitch?

      Yes, the firewall stays active after rebooting.

      I've also checked if the firewall was perhaps circumvented by looking at the NAT log of my router. No entry, so it seems to work.

      Another idea might be: If you, say, currently need Cloudflare for surfing the net, then you could enable just these IP ranges by making a separate text file and running this command:

      while read -r line; do sudo ufw allow out from any to "$line"; done < ip-ranges-cloudflare.txt
      

      I only changed "deny" to "allow" in the first script.

      These would be the IP ranges:

      
      posted in Support
      AighaeZ1
    • RE: Can I use opensnitch?

      To get functionality similar to opensnitch, I ended up doing this.

      I enabled the firewall ufw:

      sudo ufw enable
      

      I created a text file with the IP ranges of Canonical, Cloudflare and Digital Ocean:

      

      Finally, I added all these rules to ufw:

      while read -r line; do sudo ufw deny out from any to "$line"; done < ip-ranges-canonical-cloudflare.txt
      

      You can check if it worked like this:

      sudo ufw status
      

      Please note: Updates, automatically setting the time, and probably GPS won't work anymore because they go through these IPs. Also, websites that use Cloudflare won't work, obviously.

      When you need any of this, simply turn off the firewall:

      sudo ufw disable
      

      If you'd like to see details of what the firewall does, you can use this:

      journalctl | grep '\[UFW '
      
      posted in Support
      AighaeZ1
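
The loop in the post above hands every line of the range file to a `sudo ufw` command, so each line ends up in a command run as root. As an added example (not part of the original post), this sketch validates each entry and prints the commands for review first; `is_cidr` and `gen_rules` are hypothetical names, and the sample ranges are constructed documentation ranges.

```sh
#!/bin/sh
# Added example: turn a CIDR list file into reviewed ufw commands.
# is_cidr and gen_rules are hypothetical helper names.

# Syntactic check only: IPv4 or IPv6 network with a prefix length in range.
# Octet values are not range-checked; ufw rejects addresses it cannot parse.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        -e '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
}

# gen_rules ACTION FILE
# Prints one "ufw ACTION out from any to CIDR" line per valid entry.
# Returns 1 if any entry was rejected, 2 for an unsupported action.
gen_rules() {
    action=$1 file=$2 bad=0
    case "$action" in
        allow|deny|reject) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    # The "|| [ -n ... ]" test keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CR from Windows line endings, comments, surrounding blanks.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        if is_cidr "$line"; then
            printf 'ufw %s out from any to %s\n' "$action" "$line"
        else
            echo "skipping invalid entry: $line" >&2
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Demo on a constructed list (documentation ranges, not provider ranges).
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.0/24' \
    '2001:db8::/32   # IPv6' '198.51.100.0/24; reboot' > "$sample"
gen_rules deny "$sample" || echo "list had invalid entries" >&2
rm -f "$sample"
```

After reviewing the printed commands, they can be piped to `sudo sh` to apply them.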
    • RE: Can I use opensnitch?

      Ok, I did some more digging: I installed tcptrack to see if I could get outside of the sandbox. It didn't work, so opensnitch wouldn't work either, even if I got it installed.

      posted in Support
      AighaeZ1
    • RE: Where can I find ufw logs?

      Found it:

      journalctl | grep -i ufw
      
      posted in Support
      AighaeZ1
    • Can I use opensnitch?

      Hey everyone,

      Is there a way to use opensnitch? I tried installing it on Libertine but it failed to start because some Qt dependencies were missing. Besides, it might not work anyway since it would run in the sandbox?

      Thanks!

      posted in Support
      AighaeZ1
    • Where can I find ufw logs?

      Hey everyone,

      I'm trying to set up ufw but it's rather difficult without access to the logs. I looked at /var/logs but couldn't see any ufw logs.

      Thanks!

      posted in Support
      AighaeZ1